For some this is relatvely old news, as the change dates from 15th Sept 2003. In case you don't yet know (or sort of know but have not really considered what it means) - Have a look at this Installing Email::Valid or try this:

If you are trying to validate that a domain exists Verisign have now ensured that it will appear to exist at 64.94.110.11 (unless it really does exist) If this IP stays the same it is at least a fixable issue. If you are currently doing anthing that checks to see if a domain exists and splits logic if it does not it will now be totally broken. Just some to the code that will now not behave as expected:

Net::DNS (will always resolve a .com or .net domain)

Email::Vaild (all .com/.net domains are now valid, even if they are totally fake)

tachyon,
I thought I had seen this article posted here at the Monastery, but I could be wrong. It is an interview between O'Reilly Networks and Paul Vixie. chromatic is listed as the author. Currently there issomething you might be able to do. Pressure your DNS provider to apply a patch and enable a feature if possible.

The way this works is actually pretty simple. The DNS servers for .com and .net should only send to you NS records. NS records are like pointers to other DNS servers. This patch rejects everything except NS records when they come from the VeriSign servers. Now when they send to you an A record (which has the IP address inside it), it will ignore it and the patch will instead give you the "does not exist" response.

This is a good way to work around the problem, because it will still work correctly even if VeriSign changes the IP address that they use.

The Acme::DNS::Correct module does not work this way. It merely looks for the hardcoded IP address in the response and filters it out. It will not work if the IP address is ever changed. Well, it's only an Acme module, after all.

Pressure your DNS provider to apply a patch and enable a feature if possible.

That's a start, but it definately isn't a solution. Verisign does not own the .com and .net domains. Verisign needs to be reminded of its responsibilities and how easily they could be taken away. They should also have realized the plethora of legal problems this will create for them (think trademarks amoung others).

Common sense would dictate that Verisign will remember (or be forcefully reminded of) its responsibilities and put this silly action behind them. Unfortunately common sense is in short supply these days.

If you're truly interested in preventing these type of abuses in the future (and fixing this situation) I'd suggest getting involved immediately. Write your representatives (standard rules apply: be nice, coherent, and know what you're talking about) and take further steps as necessary.

If you're truly interested in preventing these type of abuses in the future (and fixing this situation) I'd suggest getting involved immediately. Write your representatives (standard rules apply: be nice, coherent, and know what you're talking about) and take further steps as necessary.

For the people who don't live in the States, do as I did, and sign the online petition.

<plug> my ISP patched Bind within 24hrs of the patch's release, stopping any of these problems from affecting me. If you're in LA, I thoroughly recommend them - very geek friendly. Brand X Internet</plug>